Dart & Swift Analyzer Scope Note (2025-12-09)
Goals
- Define the initial analyzer scope for Dart (pub) and Swift (SwiftPM) with deterministic, offline-friendly behavior.
- Provide fixture/backlog list to unblock readiness tracking and align with Signals/Zastava expectations.
Dart (pub)
- Inputs: pubspec.yaml, pubspec.lock, .dart_tool/package_config.json, and downloaded packages under .dart_tool/pub.
- Outputs:
  - Inventory of pkg:pub/<name>@<version> with resolved source (hosted/path/git) and sha256 when present in lockfile.
  - Dependency edges from pubspec.lock; dev dependencies emitted only when include_dev=true.
  - Analyzer metadata: sdk constraint, null-safety flag, source type per package.
- Determinism:
  - Sort packages and edges lexicographically.
  - Normalize paths to POSIX; no network calls; rely only on lockfile/package_config on disk.
- Out of scope (v1):
  - Flutter build graph, transitive runtime surface, and hosted index downloads.
  - Git/path overrides beyond what is listed in lock/package_config.
- Fixtures/backlog:
  - Hosted app with pubspec.lock and .dart_tool/package_config.json (dev deps included).
  - Path dependency sample (relative and absolute).
  - Git dependency sample with locked commit.
  - Missing lockfile case (expect finding + no inventory).
Swift (SwiftPM)
- Inputs: Package.swift, Package.resolved (v1/v2), .build/ manifest cache when present.
- Outputs:
  - Inventory of pkg:swiftpm/<name>@<version> with checksum from Package.resolved when available.
  - Dependency edges from Package.resolved target graph; emit platforms/arch only when declared.
  - Analyzer metadata: Swift tools version, resolution format, mirrors when specified.
- Determinism:
  - Do not execute swift package; parse manifests/resolved files only.
  - Stable ordering by package then target; normalize paths to POSIX.
- Out of scope (v1):
  - Xcodeproj resolution, binary target downloads, and build artifacts hashing.
  - Conditional target resolution beyond what Package.resolved records.
- Fixtures/backlog:
  - Single-package app with Package.resolved v2 (checksum present).
  - Nested target graph with products/targets/flexible platforms.
  - Binary target entry (no download; expect metadata-only inventory).
  - Missing Package.resolved case (emit finding, no inventory).
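
A sketch of the SwiftPM inventory pass described above, covering Package.resolved v1/v2, stable ordering, and the missing-file case. This is an added example, not the project's analyzer code: the finding code `swiftpm.resolved.missing`, the output field names, the revision fallback for branch pins, and the sample data are assumptions. It records the pinned revision only, since the note does not say where a checksum is stored.

```python
import json
import tempfile
from pathlib import Path

# Constructed samples (not the project's fixtures); revisions are placeholders.
SAMPLE_V2 = {"version": 2, "pins": [
    {"identity": "zeta-kit", "kind": "remoteSourceControl",
     "location": "https://example.invalid/zeta-kit.git",
     "state": {"revision": "b" * 40, "version": "2.0.1"}},
    {"identity": "alpha-log", "kind": "remoteSourceControl",
     "location": "https://example.invalid/alpha-log.git",
     "state": {"revision": "a" * 40, "branch": "main"}}]}
SAMPLE_V1 = {"version": 1, "object": {"pins": [
    {"package": "AlphaLog", "repositoryURL": "https://example.invalid/alpha-log.git",
     "state": {"branch": None, "revision": "a" * 40, "version": "1.4.0"}}]}}

def read_pins(doc):
    """Return (format, pins) for a Package.resolved v1 or v2 document."""
    fmt = doc.get("version")
    if fmt == 1:
        return fmt, doc.get("object", {}).get("pins", [])
    if fmt == 2:
        return fmt, doc.get("pins", [])
    raise ValueError(f"unsupported Package.resolved version: {fmt!r}")

def analyze_swiftpm(root):
    """Parse <root>/Package.resolved from disk only; `swift package` is never run."""
    resolved = Path(root) / "Package.resolved"
    if not resolved.is_file():
        # Missing lockfile: emit a finding and no inventory (hypothetical finding code).
        return {"inventory": [], "findings": [
            {"code": "swiftpm.resolved.missing", "path": "Package.resolved"}]}
    fmt, pins = read_pins(json.loads(resolved.read_text(encoding="utf-8")))
    inventory = []
    for pin in pins:
        state = pin.get("state", {})
        name = pin["package"] if fmt == 1 else pin["identity"]
        # Assumption: a branch pin carries no version, so the revision stands in.
        version = state.get("version") or state.get("revision")
        inventory.append({"purl": f"pkg:swiftpm/{name}@{version}",
                          "revision": state.get("revision"),
                          "location": pin.get("repositoryURL" if fmt == 1 else "location"),
                          "resolution_format": fmt})
    # Deterministic output: order by package ID, independent of pin order in the file.
    return {"inventory": sorted(inventory, key=lambda e: e["purl"]), "findings": []}

def analyze_sample(doc=None):
    """Write a sample (or nothing, for the missing case) to a temp dir and analyze it."""
    with tempfile.TemporaryDirectory() as root:
        if doc is not None:
            (Path(root) / "Package.resolved").write_text(json.dumps(doc), encoding="utf-8")
        return analyze_swiftpm(root)
```
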
Alignment & Next Steps
- Signals/Zastava: confirm package ID naming (pkg:pub, pkg:swiftpm) and dependency edge semantics for reachability ingestion.
- Add goldens/fixtures under src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.DartSwift.Tests/Fixtures/**.
- Update readiness checkpoints once fixtures and parsers land; current scope note unblocks backlog creation only.